What is a Threat? – Risk Management Terminology

Accepting risk, risk tolerance, or accepted risk is the result after a cost/benefit analysis shows countermeasure costs would outweigh the possible cost of loss due to a risk. Example: Management has agreed to accept the consequences and/or loss if that risk actually happens. For example, a patch for a vulnerability exists but every time the…

Data classification is the concept of protecting data based on secrecy, sensitivity, or confidentiality. The reason for data classification is because it is not wise to treat all data equal. Certain data needs more security than others. Data classification allows organizations to categorize the data in a way that items, objects, and subjects are in…

The server, while acting as a gateway or proxy, did not receive a timely response from an upstream server it needed to access in order to complete the request.

The target resource resides temporarily under a different URI and the user agent MUST NOT change the request method if it performs an automatic redirection to that URI. Since the redirection can change over time, the client ought to continue using the original effective request URI for future requests. The server SHOULD generate a Location…

Administrative controls are the policies and procedures defined by an organization’s security policy and other regulations or requirements. These controls focus on personnel and business practices. Examples: policies, procedures, hiring practices, background checks, employee training.

The server is refusing to service the request because the request-target is longer than the server is willing to interpret. This rare condition is only likely to occur when a client has improperly converted a POST request to a GET request with long query information, when the client has descended into a “black hole” of redirection…